Apple working on software to detect and remove Flashback trojan - Page 2

It will be nice when this happens. The Kaspersky removal tool that was just released and is exploding all over the web doesn't work at all just gives an error that the tool needs to be updated and some failed rm command.

Thanks, I was not aware of that! I would love to get rid of Flash. Just dumped Java last week, and so far nothing that I normally do online has been affected.

I've never been infected by anything on any of my personal or work Macs, but I think it is time Apple developed and delivered its own free security software much like Microsoft Security Essentials.

It could be called Apple Really Secure Essentials.

You have vehicles fitted with seat-belts and airbags to protect the idiots. Shame about the victims who inadvertently get in the way. Developers of Operating Systems must protect their passengers.

I wonder how good this number is.

They're now saying that the number is 230,000 to 270,000:
http://www.techweekeurope.co.uk/news...sh-botne-72458

Now, one of two things has happened:

1. Apple has somehow managed to reduce the number of bots by 60% even though they haven't released any software to fix it
or
2. The numbers are nothing more than guesswork and have no validity

I think #2 is far more likely.

If you had been following along you would know that there's been several different sites, forums, bloggers and security firms who have posted methods of finding out if your machine is infected as well as how to remove it. Apparently some number of Mac users did see the news and took their advice, successfully cutting the current infection down to around a quarter million from the original 650K.


http://www.eweek.com/c/a/Security/FS...m-Macs-830858/
http://reviews.cnet.com/8301-13727_7...are-from-os-x/
http://www.tuaw.com/2012/04/12/flash...ecurity-firms/
http://www.youtube.com/watch?v=bq1sQXW4KEg

It's not "guesswork" - it's straightforward arithmetic. Set up a false command server and count the number of bots that check in. The method used to tracking the number of declining infections is the same method used to figure out the initial infection rate. I've asked in another thread and I'll ask here - what's wrong with this method? No one yet has explained why this method is flawed. Since you can't knock down the method with actual reasons, you just resort to asserting that it has "no validity" - no explanation why it's not valid, it just isn't valid.

Honestly, I cannot believe the cherrypicking going on here, the obstinate refusal to believe facts that you don't want to believe, reality, logic and consistency be damned. It's like every cliched stereotype of a deluded Apple fanboys come to life.

As for what accounts for the drop in figure, there's also option 3 - that some of the reduction isn't due to trojans being removed yet but are being blocked from checking into the command servers by DNS blocks set up by providers such as Open DNS (Open DNS has announced that they are blocking access to the trojan's command servers, preventing infected computers from communicating and receiving new instructions and code). I would think that the security firms are making sure that DNS blocks aren't being applied to their fake servers so that they can continue to track this botnet accurately but given that Apple apparently misidentified a fake server as a real one and tried to take it down, you can't discount the possibility.

For those who are curious about the details of the trojan and how it's being tracked, go to Symantec's blog post on the topic. They've set up their own command servers - just like Kaspersky and Dr. Web - and are monitoring the botnet:

http://www.symantec.com/connect/blog...ns-down-270000

And Symantec has released their own free Flashback detection and removal tool:

http://www.symantec.com/security_res...041214-1825-99

Now there are 3 removal tools from the 3 of the biggest security firms out there - Symantec, Kaspersky and F Secure. All of them are free.

Well you're right, but it doesn't change the fact that this happened right after the fact and now I have to hear about it.